Microsoft security software detects and removes this threat.

This threat has been "obfuscated", which means it has tried to hide its purpose so your security software doesn't detect it.

The malware that lies underneath this obfuscation can have almost any purpose.

Find out ways that malware can get on your PC.

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

VirTool:Win32/CeeInject is a detection for certain forms of obfuscated malware. Malicious programs detected as VirTool:Win32/CeeInject are used by different malware families in the wild to protect them from detection or analysis.

One such sample of VirTool:Win32/CeeInject obfuscates a Bitcoin mining client, which may be installed on your PC to mine Bitcoins without your knowledge.

Analysis by Stefan Sellmer


Alerts from your security software might be the only symptom.


Alert level: Severe
First detected by definition:
Latest detected by definition: 1.199.1088.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Nov 23, 2007
This entry was updated on: Oct 31, 2014

This threat is also detected as:
  • Win32/Injector.KAN trojan (ESET)
  • Virus.Win32.CeeInject (Ikarus)
  • Trojan.Win32.Miner.p (Kaspersky)
  • TROJ_INJECTR.VI (Trend Micro)